VYPR
Unrated severityNVD Advisory· Published Jan 13, 2021· Updated Sep 16, 2024

Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

CVE-2021-21012

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.